PERSONAL DATA PROCESSING POLICY
Please read this document carefully as it provides key information on the processing and storage of personal data within the framework of the Lithuanian Theatre in Numbers, a project funded by the Lithuanian Council for Culture of the Republic of Lithuania and run by the Association of Performing Arts Critics.
Should this Policy change, you will always find the most current version of it at http://smka.lt/activities/data-security/
1. WHO WE ARE?
Your persona data is collected, used and stored by
Association of Performing Arts Critics
Legal entity code: 304502971
Address: Vytenio g. 13-36, LT-03112 Vilnius
2. WHAT PERSONAL DATA WE COLLECT AND WHY?
|For what purpose do we collect personal data?
|What exactly data do we collect?
|What provision of the General Data Protection Regulation (BDAR) do we use to process your personal data?
|How long do we retain this data?
|For the preparation of reports on the results of the study
|Details of a THEATRE REPRESENTATIVE filling in the form:
Please note! The personal details of theatre representatives will not be made public.
Personal details of the CREATOR of a theatre performance:
|THEATRE REPRESENTATIVES’ data is collected with a legitimate interest in contacting theatres regarding their provided replies and other administrative questions about the project (Article 6 (1) (f) of the GDPR)
CREATORS’ data shall be collected with a legitimate interest in the proper implementation of the project Lithuanian Theatre in Numbers (Article 6 (1) (f) of the GDPR)
|We retain this data for 2 years after the completion of the report. Each new annual report extends data retention for another 2 years.
Please note! As the report will be completed annually, the data provided in the last report will be provided for the current year in order to simplify the reporting. In the event of a change in data (both of Theatre Representatives and Creators), the out-of-date data will be retained for 2 years from the date of filing the relevant report.
|For making public reports on the results of the research
|Personal details of the CREATOR of a theatre performance:
|Having a legitimate interest in informing the public about the general state of the theatre field and increasing transparency and impartiality of theatres in the public interest (Article 6 (1) (f) GDPR)
|In the public interest, the reports shall be made public for an unlimited period.
|To provide information on the collection and processing of personal data within the scope of the project
|Personal details of the CREATOR of a theatre performance:
|Having a legitimate interest in communicating your legal obligations (Article 6 (1) (f) GDPR)
|We retain this data for as long as creators’ data is being submitted in the current year’s report and for 2 years thereafter.
3. WHO DO WE DISCLOSE YOUR PERSONAL DATA TO WITHIN AND OUTSIDE THE EEA?
In the EEA:
- SurveyGizmo (survey platform), a data centre in Germany. You can read their data protection policies here.
- To our partners providing information technology, electronic communications, accounting, auditing, legal and other services only when it is necessary for the specific service.
- Public oversight and law enforcement agencies – only if these authorities justify the need for, and legitimacy of, data collection.
Outside the EEA:
- Google LLC (USA), a server and backup storage centre. Data is stored under the Privacy Shield programme. You can read more about it here.
4. HOW DO WE PROTECT YOUR PERSONAL DATA?
When processing and storing your personal data, we implement organisational and technical measures to ensure that personal data is protected against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing (such as access control). Upon receipt of your personal data, we apply all necessary procedures and safeguards to such data.
5. YOUR RIGHTS
Each data subject, i.e. each of you whose data is processed for the purposes described in this Policy, has the following rights:
- Know (be informed) about the processing of your personal data (Articles 12-14 of the GDPR);
- Access your personal data that is being processed (Article 15 of the GDPR);
- Request the correction of inaccurate personal data relating to you (Article 16 of the GDPR);
- Request the deletion of personal data relating to you (“the right to be forgotten”) (Article 17 of the GDPR).
Please note! You have the right to be forgotten only if it can be justified by one of the following reasons:
– personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
– you do not consent to the processing under Article 21 (1) of the GDPR and there are no overriding legitimate reasons for processing.
- Restrict data processing (Article 18 of the GDPR):
Please note! You have the right to restrict the processing of your data only if:
– personal data is inaccurate;
– the processing of personal data is unlawful, but you do not consent to the erasure of the data;
– the controller no longer needs personal data to fulfil their purpose, but it is necessary for you to assert, enforce or defend legal requirements;
– you object to the processing under Article 21 (1) of the GDPR unless the legitimate reasons of the controller override your own.
- Transfer your personal data when the processing is based on consent or contract and the data is processed by automated means (Article 20 of the GDPR);
- Object to the processing of personal data for reasons specific to your case where the processing is in the legitimate interests of the controller or of a third party, unless the controller proves that the processing is for compelling legitimate reasons overriding your interests, rights and freedoms, or for the purpose of asserting, enforcing or defending legal requirements (Article 21 of the GDPR).
- If you believe the Performing Arts Critics Association is unlawfully processing your personal data or is not implementing your rights, you have the right to file a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, 10312 Vilnius, (8 5) 271 2804, 279 1445, email firstname.lastname@example.org).
Is your personal data processing policy not clear? Contact us by email email@example.com.